Module rpki::sigobj::spec

Signed Objects Specification.

This is a documentation-only module. It summarizes the specification for signed objects and how they are to be parsed and constructed.

Signed objects are CMS signed objects that have been severely limited in the options of the various fields. They are specified in RFC 6488, while CMS is specified in RFC 5652.

A signed object is a CMS object with a single signed data object in it.

A CMS object is:

ContentInfo             ::= SEQUENCE {
    contentType             ContentType,
    content                 [0] EXPLICIT ANY DEFINED BY contentType }

The contentType must be oid::SIGNED_DATA and the content a SignedData object (however, note the [0] EXPLICIT there) as follows:

SignedData              ::= SEQUENCE {
    version                 CMSVersion,
    digestAlgorithms        DigestAlgorithmIdentifiers,
    encapContentInfo        EncapsulatedContentInfo,
    certificates            [0] IMPLICIT CertificateSet OPTIONAL,
    crls                    [1] IMPLICIT RevocationInfoChoices OPTIONAL,
    signerInfos             SignerInfos }

EncapsulatedContentInfo ::= SEQUENCE {
    eContentType            ContentType,
    eContent                [0] EXPLICIT OCTET STRING OPTIONAL }

CertificateSet          ::= SET OF CertificateChoices

CertificateChoices      ::= CHOICE {
    certificate             Certificate,
    extendedCertificate     [0] IMPLICIT ExtendedCertificate,   -- Obsolete
    v1AttrCert              [1] IMPLICIT AttributeCertificateV1,-- Obsolete
    v2AttrCert              [2] IMPLICIT AttributeCertificateV2,
    other                   [3] IMPLICIT OtherCertificateFormat }

Limitations imposed by RFC 6488 are as follows:

  • The version must be 3.
  • The digestAlgorithms set must contain exactly one algorithm chosen from those defined in RFC 7935. The DigestAlgorithm type implements both the DigestAlgorithmIdentifier and DigestAlgorithmIdentifiers definitions (the latter via take_set_from and encode_set).
  • The eContentType field of encapContentInfo defines the type of an object. Check the specific signed objects for their matching object ID.
  • The eContent field of encapContentInfo must be present and contains the actual content of the signed object.
  • There must be exactly one certificate in the certificates set. It must be of the certificate choice (that’s not exactly in RFC 6488, but it is the only logical choice for ‘the RPKI end-entity (EE) certificate needed to validate this signed object’), which in practice means it is just one Cert.
  • The crls field must be omitted.

The SignerInfos structure:


SignerInfos             ::= SET OF SignerInfo

SignerInfo              ::= SEQUENCE {
    version                 CMSVersion,
    sid                     SignerIdentifier,
    digestAlgorithm         DigestAlgorithmIdentifier,
    signedAttrs             [0] IMPLICIT SignedAttributes OPTIONAL,
    signatureAlgorithm      SignatureAlgorithmIdentifier,
    signature               SignatureValue,
    unsignedAttrs           [1] IMPLICIT UnsignedAttributes OPTIONAL }

SignerIdentifier        ::= CHOICE {
    issuerAndSerialNumber   IssuerAndSerialNumber,
    subjectKeyIdentifier    [0] EXPLICIT SubjectKeyIdentifier }

SubjectKeyIdentifier    ::= OCTET STRING
 
SignatureValue          ::= OCTET STRING

Limitations are as follows:

  • There must be exactly one SignerInfo present.
  • The version must be 3.
  • The sid must be identical to the value of the Subject Key Identifier extension of the included certificate. I.e., it must be the second choice.
  • The digestAlgorithm must be the same as the only value in the outer digestAlgorithms field.
  • The signedAttrs field must be present. See below.
  • For the content of the signature field, see below.
  • The unsignedAttrs field must be omitted.

Finally, SignedAttributes is a sequence of attributes keyed by an OID. RPKI has two mandatory and two optional attributes. The definitions for all of these are as follows:

SignedAttributes        ::= SET SIZE (1..MAX) OF Attribute

Attribute               ::= SEQUENCE {
    attrType                OBJECT IDENTIFIER,
    attrValues              SET OF AttributeValue }

ContentType             ::= OBJECT IDENTIFIER

MessageDigest           ::= OCTET STRING

SigningTime             ::= Time

Time                    ::= CHOICE {
    utcTime                 UTCTime,
    generalizedTime         GeneralizedTime }

BinarySigningTime       ::= BinaryTime

BinaryTime              ::= INTEGER (0..MAX)

The two mandatory attributes are ContentType and MessageDigest. The content type attribute must be the same as the eContentType field of the encapContentInfo. The message digest attribute contains the digest value of the (actual) content.

The SigningTime and BinarySigningTime attributes are optional. Their presence is not considered when validating a signed object.

No other attribute may be present.

For the object identifiers of the attributes, see the oid module.

The signature field of the signed object contains a signature over the DER encoding of the signedAttrs field.
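The attribute rules and the signature input described above, as an added example that is not code from the rpki crate: it walks a `[0] IMPLICIT SignedAttributes` field, enforces the allowed and mandatory attributes, and returns the bytes to verify the signature over, which per RFC 5652 section 5.4 carry the universal SET OF tag instead of the `[0]` tag. The names `take`, `single`, `check_signed_attrs` and `sample` are hypothetical, the OID byte strings are the standard DER encodings of the four attribute OIDs and of the ROA content type, and the message digest is returned for the caller to compare with the hash of eContent.

```rust
// Added example (not from the rpki crate), std only. Limits: short-form DER lengths, SET OF order unchecked.
const CONTENT_TYPE: &[u8] = &[0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03];
const MESSAGE_DIGEST: &[u8] = &[0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04];
const SIGNING_TIME: &[u8] = &[0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x05];
const BINARY_SIGNING_TIME: &[u8] = &[0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x10, 0x02, 0x2E];
const ROA: &[u8] = &[0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x10, 0x01, 0x18]; // sample eContentType

/// Reads one TLV carrying `tag`; returns (value, remaining input).
fn take(input: &[u8], tag: u8) -> Result<(&[u8], &[u8]), &'static str> {
    let (&t, rest) = input.split_first().ok_or("truncated")?;
    let (&len, rest) = rest.split_first().ok_or("truncated")?;
    if t != tag || len >= 0x80 || rest.len() < len as usize { return Err("unexpected tag or length"); }
    Ok(rest.split_at(len as usize))
}
/// Reads a SET body holding exactly one value with `tag`.
fn single(set: &[u8], tag: u8) -> Result<&[u8], &'static str> {
    match take(set, tag)? { (v, []) => Ok(v), _ => Err("attribute needs exactly one value") }
}
/// Applies the attribute rules to a signedAttrs field; returns (bytes the signature covers, message digest).
fn check_signed_attrs<'a>(field: &'a [u8], econtent_type: &[u8]) -> Result<(Vec<u8>, &'a [u8]), &'static str> {
    let (mut attrs, trailing) = take(field, 0xA0)?;
    let (mut seen, mut digest): (Vec<&[u8]>, Option<&[u8]>) = (Vec::new(), None);
    while !attrs.is_empty() {
        let (attr, rest) = take(attrs, 0x30)?;
        let (oid, values) = take(attr, 0x06)?;
        let (set, extra) = take(values, 0x31)?;
        if !extra.is_empty() || seen.contains(&oid) { return Err("malformed or duplicate attribute"); }
        if oid == CONTENT_TYPE {
            if single(set, 0x06)? != econtent_type { return Err("content type mismatch"); }
        } else if oid == MESSAGE_DIGEST {
            digest = Some(single(set, 0x04)?);
        } else if oid != SIGNING_TIME && oid != BINARY_SIGNING_TIME {
            return Err("attribute not allowed");
        }
        seen.push(oid);
        attrs = rest;
    }
    if !trailing.is_empty() || !seen.contains(&CONTENT_TYPE) { return Err("trailing data or no content type"); }
    // RFC 5652 section 5.4: the signed bytes carry the universal SET OF tag (0x31), not [0] (0xA0).
    let signed = [&[0x31u8][..], &field[1..]].concat();
    Ok((signed, digest.ok_or("message digest attribute missing")?))
}
/// Constructed sample field: content-type = ROA, message-digest = 32 dummy bytes.
fn sample() -> Vec<u8> {
    let p: [&[u8]; 8] = [&[0xA0, 0x4D, 0x30, 0x1A, 0x06, 0x09], CONTENT_TYPE, &[0x31, 0x0D, 0x06, 0x0B], ROA,
        &[0x30, 0x2F, 0x06, 0x09], MESSAGE_DIGEST, &[0x31, 0x22, 0x04, 0x20], &[0xAB; 32]];
    p.concat()
}
fn main() { println!("{:?}", check_signed_attrs(&sample(), ROA).map(|(s, d)| (s[0], d.len()))); }
```

Verifying the signature over the field exactly as it appears in the object, with its leading `0xA0` byte, fails for a correctly signed object, so the re-tagging step belongs in the verifier and not in the parser.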